One of my long time pet peeves with how we
PMC members participate in vetting releases
is our penchant for focusing too much on the
policies surrounding license and notice info.
I really think our exclusive focus on things
that really don't pose any organizational risk
to either the org nor the project participants
serves us well in our other, often unexpressed
but far more relevant, goals about encouraging
committers to participate in active review of
their project's commit activity.

Just think about this for a second, what's more
likely for people to start suing us over, some
bug in the NOTICE file or an undetected backdoor
in one of our programs?  I am personally far more
concerned about the current state of the actual
review going on in our podlings than I am about
NOTICE minutia.

Maybe we should compile some list of which committers
are actually subscribed to their project's commit lists?
It's crude but it may be useful data to look at to
a first order.

Reply via email to